MDKSA-2006:035-1

Problem description

A flaw in the PHP gd extension in versions prior to 4.4.1 could allow
a remote attacker to bypass safe_mode and open_basedir restrictions via
unknown attack vectors.

Update:

A regression was introduced with the backported patch from PHP 4.4.1
that would prevent PHP from creating a new file with imagepng(),
imagejpeg(), etc. Thanks to Tibor Pittich for bringing this to our
attention.